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Probabilistic transition system specifications (PTSSs) in the ntjjfOIntfixO format provide structural 
operational semantics for Segala-type systems that exhibit both probabilistic and nondeterministic 
behavior and guarantee that bisimilarity is a congruence for all operator defined in such format. Start¬ 
ing from the ntfrfOInt/jxO, we obtain restricted formats that guarantee that three coarser bisimulation 
equivalences are congruences. We focus on (i) Segala’s variant of bisimulation that considers com¬ 
bined transitions, which we call here convex bisimulation', (ii) the bisimulation equivalence resulting 
from considering Park & Milner’s bisimulation on the usual stripped probabilistic transition system 
(translated into a labelled transition system), which we call here probability obliterated bisimulation', 
and (iii) a probability abstracted bisimulation, which, like bisimulation, preserves the structure of the 
distributions but instead, it ignores the probability values. In addition, we compare these bisimulation 
equivalences and provide a logic characterization for each of them. 


1 Introduction 


Structural operational semantics (SOS for short) |24| is a powerful tool to provide semantics to program¬ 
ming languages. In SOS, process behavior is described using transition systems and the behavior of a 
composite process is given in terms of the behavior of its components. SOS has been formalized using 
an algebraic framework as Transition Systems Specifications (TSS) @0[151 [mini Basically, a 

TSS contains a signature, a set of actions or labels, and a set of rules. The signature defines the terms 
in the language. The set of actions represents all possible activities that a process (i.e., a term over the 
signature) can perform. The rules define how a process should behave (i.e., perform certain activities) 
in terms of the behavior of its subprocesses, that is, the rules define compositionally the transition sys¬ 
tem associated to each term of the language. A particular focus of these formalizations was to provide 
a meta-theory that ensures a diversity of semantic properties by simple inspection on the form of the 
rules. (See GBI ^3[ for overviews.) One of such kind of properties is to ensure that a given equivalence 
relation is a congruence for all operators whose semantics is defined in a TSS whose rules complies to a 
particular format. These so called congruence theorems have been proved for a variety of equivalences 
in the non-probabilistic case |[6 14 15 etc.]. 
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The introduction of probabilistic process algebras motivated the need for a theory of structural op¬ 
erational semantics to define probabilistic transition systems. Few earlier results appeared in this di¬ 
rection 0[5 17 181 presenting congruence theorems for Larsen & Skou bisimulation equivalence ^9} . 
Most of these formats have complicated restrictions that extend to sets of rules due to the fact that they 
considered transitions labeled both with an action and a probability value. By using a more modem 
view of probabilistic transition systems (where the target of the transition is a probability distribution on 
states) we manage to obtained the most general format for bisimulation equivalence, which we called 
ntj^OIntpxQ, following the nomenclature of | T4|T5| . 

Starting from the ntpfOfntpxO format, in this paper we define formats to guarantee that three coarser 
versions of bisimulation equivalence are congruences for all operator definable in the respective format. 
The first relation we focus on is Segala’s variant of bisimulation that considers combined transitions, here 
called convex bisimulation [25| . The second relation we explore originates here and we call it probability 
abstracted bisimulation. Like bisimulation and unlike convex bisimulation, it preserves the structure of 
the distributions of each transition, but instead, it ignores the probability values. This relation preserves 
the fairness introduced by the probability distributions. Finally, we study the bisimulation equivalence 
resulting from considering Park & Milner’s bisimulation | [2^ on the usual stripped probabilistic transition 
system (translated into a labeled transition system). Here we call it probability obliterated bisimulation. 
This is the usual way to abstract probabilities, but it has the drawback that it breaks the basic fairness 
provided by probabilistic choices. 

Apart from presenting congruence theorems for all previously mentioned bisimulation equivalences, 
we briefly study alternative definitions of these bisimulations, compare them with each other, and pro¬ 
vide logical characterizations, which are particularly new here for probability abstracted and probability 
obliterated bisimulation equivalences. 

The paper is organized as follows. Sec. [^recalls the type of algebraic structure and Sec. [^provides 
the basic notions and results of probabilistic transition system specifications (PTSS). Sec. [^presents the 
different bisimulation equivalences and a brief study of them, including their logical characterizations. 
The study of all the PTSS formats and the respective congruence theorems is given in Sec. The paper 
concludes in Sec 0 


2 Preliminaries 

Let S = {5,(7} be a set denoting two sorts. Elements of sort 5 € S are intended to represent states in 
the transition system, while elements of sort <i € S will represent distributions over states. We let cr 
range over S. An S-sorted signature is a structure (F’,ar), where (i) F is a set of function names, and 
(ii) ar : F —> (S * x S) is the arity function. The rank of / e F is the number of arguments of /, defined by 
fK/) - n if ar(/) = cri.. .cTn ^ cr. (We write “cri ...CTn^cr” instead of “(cri. ..(Tn,o-)” to highlight that 
function / maps to sort cr.) Function / is a constant if rk(/) = 0. To simplify the presentation we will 
write an S -sorted signature (F, ar) as a pair of disjoint signatures (S^, Z^) where is the set of operations 
that map to s and Z^ is the set of operations that map to d. Let "V and 'Vd be two infinite sets of S -sorted 
variables where 'V,'Vd,F are all mutually disjoint. We use x,y,z (with possible sub- or super-scripts) to 
range over 'V, p,v to range over 'Vd and ^ to range over 'V U 'Vd. 

Definition 1. Let Z^ and Z^ be two signatures as before and let V Q'V and D c 'Vd. Vfe simultaneously 
define the sets of state terms r(Z^, V,D) and distribution terms r(Z^, V,D) as the smallest sets satisfying: 
(i) V c r(Z„ L D); (ii) D c r(Zrf, L D); (Hi) /(^i, • • •, ^rk(/)) e r(Z^, F, D), if ar(/) = ^ cr and 

^;er(Z^,,F,D). 
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We let T(E) = T{l,s,'V,'Vd) U T{l,d,'V,'Vd) denote the set of all open terms and distinguish the sets 
T(E^) = T{l,s,'V,'Vd) of open state terms and T(Xrf) = T{'Ld,'V,^d) of open distribution terms. Similarly, 
we let T(E) = r(X^,0,0) U r(E^,0,0) denote the set of all closed terms and distinguish the sets 7(2^) = 
r(X^,0,0) of closed state terms and T(Erf) = r(Zrf,0,0) of closed distribution terms. We let t, t', ti,... 
range over state terms, 6, O', 6i,... range over distribution terms, and ^i,... range over any kind of 
terms. With 'Vi^) £ 'V u 'Vd we denote the set of variables oeeurring in term 

Let A(T(Xi)) denote the set of all (diserete) probability distributions on T(Zi). We let n range over 
A(T(E^)). For eaeh t e T(X^), let 6t € A(T(E^)) denote the Dirac distribution, i.e., 6t{t) - 1 and 6t{t') = 0 
if t and t' are not syntaetieally equal. For A c T(S^) we define n{X) - YjteX n{t). The eonvex eombination 
YjieiPi'^i of a family {7r,),g/ of probability distributions with p, e (0,1] and YjieiPi - 1 is defined by 
iijiel Pi^Xt) = TjieliPi^it))- 

The type of signatures we eonsider has a partieular eonstruetion. We start from a signature of 
funetions mapping into sort s and eonstruet the signature of funetions mapping into d as follows. For 
eaeh f € we inelude a funetion symbol f € Fd with ar(/) - d.. .d ^ d and rk(/) = rk(/). We eall / 
the probabilistic lifting of /. (We use boldfaee fonts to indieate that a funetion in Z^ is the probabilistie 
lifting of another in Z^.) Moreover Z^ may inelude any of the following additional operators: (i) 6 with 
arity ar((5) - s ^ d, and (ii) with 1 being a finite or eountable infinite index set, YjieiPi - T 

Pi e (0,1] for all i e I, and = d^^^ d. Notiee that if I is eountably infinite, is 

an infinitary operator. 

Operators 6 and are used to eonstruet diserete probability funetions of eountable support: 

S{t) is interpreted as a distribution that assigns probability 1 to the state term t and probability 0 to any 
other term t' (syntaetieally) different from t, and ^^^J[pi]0i represents a distribution that weights with pi 
the distribution represented by the term 0,. Moreover, a probabilistieally lifted operator / is interpreted 
by properly lifting the probabilities of the operands to terms eomposed with the operator /. 

Formally, the algebra assoeiated with a probabilistieally lifted signature Z = (Zs,'Ld) is defined as 
follows. For son s, if is fhe freely generated algebraie sfruefure T(Z^). For sorf d, if is defined by fhe 
earrier A(T(Zi)) and fhe following inferprefalion: |[d(0]| = d, for all t € T(Zi), = YiieiPi'iQiJ 

for [Oi I / e 7) c T(Zrf), Wi,.. .,0rk(/))]l(/(^i, ■ • ■ ,^rk(/))) - 0^,=if for all j s.f. cr,- = d, Oj - ^j, 
and |[/(0i,...,0rk(/))]l ififi = 0 ofherwise. Here if is assumed fhaf n® - 1 ■ Nofiee fhaf in fhe 
semanfies of a lifled funelion /, fhe big produel only eonsiders fhe disfribufions related fo fhe ^-sorted 
posifions in /, while fhe disfribufion ferms eorresponding fo fhe rZ-sorfed positions in / should mafeh 
exaefly fo fhe paramefers of /. 

A substitution p is a map 'V U "Vd —> T(Z) sueh fhaf p(x) e T(Z^), for all x e 'V, and p(p) e T(Zd), for 
all p e ’Vd. A subslifulion is elosed if if maps eaeh variable fo a elosed term. A subslifulion exfends fo a 
mapping from terms fo ferms as usual. 

Finally, we remark a general properly of disfribufion ferms: lei / € Z^ wilh ar(/) = cr\...crn^ s, and 
lei o-j = 5 ; Ihen / e Zj is dislribulive w.r.l. © in fhe position j, i.e. lp{f{... ,^j-l,^^^J[pi\0i,fj +\,...))]] = 
tF(® jg/[Fi]/(- ■ • ...))! for any elosed subslilufion p. The proof follows from fhe definition 

of |[^|. However, notiee fhaf / does not dislribule w.r.l. © in a position k sueh fhaf = d. 


3 Probabilistic Transition System Specifications 

A (probabilislie) Iransilion relation preseribes whieh possible aelivily ean be performed by a term in a 
signalure. Sueh aelivily is deseribed by fhe label of fhe aelion and a probabilily disfribufion on terms that 
indieates the probability to reaeh a partieular new term. We will follow the probabilistie automata style 
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of probabilistic transitions | [25| which are a generalization of the so-called reactive model | |T^ . 

Definition 2 (PTS). A probabilistic labeled transition system (PTS) is a triple (T(Ei),A,—>), where 
2 = i^ probabilistically lifted signature, A is a countable set of actions, and^ c T(E^)xAx 

A(T(Si)), is a transition relation. Vfe write t —> nfor {t,a,n) e— 


Transition relations are usually defined by means of structured operational semantics in Plotkin’s 
style |24|. For PTS, algebraic characterizations of this style were provided in |^[9 211 where the term 
probabilistic transition system specification was used and which we adopt in our paper. 


Definition 3 (PTSS). A probabilistic transition system specification (PTSS) is a triple P = fL,A,R) where 
S is a probabilistically lifted signature, A is a set of labels, and R is a set of rules of the form: 


{tk^ek\k€K}iJ{ti^\l€L]iJ {OjiTj) xj qj \ j e J] 
t-^e 

where K,L,J are index sets, t,tk,ti e T(Si), a,ak,bi e A, Tj c TfLs), xj € {>,>,<,<), qj € [0,1] and 
6j,9k,9e T(Zd). 

Expressions of the form t ^ 9, t , and 9{T) x p are called positive literal, negative literal, and 
quantitative literal, respectively. For any rule r € /?, literals above the line are called premises, notation 
prem(r); the literal below the line is called conclusion, notation conc(r). We denote with pprem(r), 
nprem(r), and qprem(r) the sets of positive, negative, and quantitative premises of the rule r, respectively. 
In general, we allow the sets of positive, negative, and quantitative premises to be infinite. 

Substitutions provide instances to the rules of a PTSS that, together with some appropriate machinery, 
allow us to define probabilisfic fransifion relations. Given a subsfifufion p, if exfends fo liferals as follows: 

p{t) , p{9{T) xp)= p{9){p{T)) X p (where p{T)^ {p{t) | f € T)), and p{t ^ 9) = pit) p(6»). 

We say fhaf r' is a (closed) insfance of a rule r if fhere is a (closed) subsfifufion p so fhaf r' = pfr). 
We say fhaf p is a proper substitution of r if for all quanfifafive premises 9iT) x p of r and all f e T, 
l[p(^)]| (p(0) > 0 holds. We use only fhis kind of subsfifufion in fhe paper. 

In fhe resf of fhe paper, we will deal wifh models as symbolic fransifion relations in fhe set T(Z^) x 
A X T(Zrf) rather than the concrete transition relations in T(Z^) x A x A(T(Zi)) required by a PTS. Hence 
we will mostly refer with the term “transition relation” to the symbolic transition relation. In any case, 
a symbolic transition relation induces always a unique concrete transition relation by interpreting every 
target distribution term as the distribution it defines; fhaf is, fhe symbolic fransifion t ^ 0 is inferprefed 

a 

as fhe concrefe fransifion t |[0|. If fhe symbolic fransifion relation furns ouf fo be a model of a PTSS 
P, we say fhaf fhe induced concrefe fransifion relation defines a PTS associafed fo P. 

To define an appropriafe notion of model we consider 3-valued models. A 3-valued model parfifions 
the set T(Z^) x A x T(Z^/) in three sets containing, respectively, the transition that are known to hold, that 
are known not to hold, and those whose validity is unknown. Thus, a 3-valued model can be presented as 
a pair (CT, PT) of transition relations CT, PT c T(Z^) x A x T(Z^), with CT c PT, where CT is the set of 
transitions that certainly hold and PT is the set of transitions that possibly hold. So, transitions in PT\ CT 
are those whose validity is unknown and transitions in (T(Z^) x A x T(Z^)) \ PT are those that certainly 
do not hold. A 3-valued model (CT, PT) that is justifiably compafible wifh fhe proof sysfem defined by 
a PTSS P is said fo be stable for P. (See Def.|^) 

Before formally defining fhe nofions of proof and 3-valued sfable model we infroduce some nofafion. 
Given a fransifion relation Tr c T(Zi) x A x T(Zt/), t 9 holds in Tr, nofafion Jt \= t 9, if t 9 eJf, 
t holds in Tr, nofafion ft \= t , if for all 9 € T(Zd), t —> 0 ^ Tr. A closed quanfifafive consfrainf 
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9{T) X p holds in Tr, notation Tr 1= 6{T) x p, if |[0|(r) x p. Notice that the satisfaction of a quantitative 
constraint does not depend on the transition relation. We nonetheless use this last notation as it turns out 
to be convenient. Given a set of literals H, we write Tr 1= // if for all cf) eH,'\x\= (p. 


Definition 4 (Proof). Let P - (L,A,R) be a PTSS. Let ^ be a positive literal and let H be a set of literals. 
A proof of a transition rule ^ from P is a well-founded, upwardly branching tree where each node is a 
literal such that: (i) the root is if/; and (ii) if x L a node and K is the set of nodes directly above x, then 
one of the following conditions holds: (a) K = % andx £ PI, or (b)x - {9{T) x p) is a closed quantitative 
literal such that |[0|(r) x p holds, or (c) ^ is a valid substitution instance of a rule from R. 

^ is provable from P, notation P H if there exists a proof of ^ from P. 

Before, we said that a 3-valued stable model (CT, PT) for a PTSS P has to he justifiably compatible 
with the proof system defined by P. By “compatible” we mean that (CT, PT) has to be consistent with 
every provable rule. With “justifiable” we require fhaf for each fransifion in CT and PT fhere is acfually a 
proof fhaf juslifies if. More precisely, we require fhaf (a) for every cerfain fransifion in CT fhere is a proof 
in P such fhaf all negative hypofheses of fhe proof are known to hold (i.e. there is no possible transition in 
PT denying a negative hypothesis), and (b) for every possible transition in PT there is a proof in P such 
that all negative hypotheses possibly hold (i.e. there is no certain transition in CT denying a negative 
hypothesis). This is formally stated in the next definition. 


Definition 5 (3-valued stable model). Let P = (L,A,R) be a PTSS. A tuple (CT, PT) with CT c PT c 
T(Ei) X A X T(Erf) is a 3-valued stable model /or P if for every closed positive literal f, 

(a) f € CT iff there is a set N of closed negative literals such that P 'f ^ and PT \= N 

(b) f € PT iff there is a set N of closed negative literals such that P ^ and CT \= N. 


The least 3-valued stable model of a PTSS can 


be constructed using induction |[^TT]T^. 


Lemma 1. Let P be a PTSS. For each ordinal a, define the pair (CTq,, PTq,) as follows: 


• CT 0 = 0 and PTq = T(Ls) x A x T(Xrf). 


• For every non-limit ordinal a >0, define: 


CTq, -\t ^ 9 \for some set N of negative literals, P i —and PTq,_i 1= n\ 

PTq, = \t ^ 9 \for some set N of negative literals, P \—and CTq,_i \= N 
' t —>e 


• For every limit ordinal a, define CTq, = IJ^<q CTp and PTq, = n/3<ff 

Then: 1. if jS < a, CT^ c CTq, and PT^ 2 PTq,, and 2. there is an ordinal A such that CT,i = CT^+i and 
PT.^ = PT.^+ 1 . Moreover, (CT,}, PT,i) is the least 3-valued stable model for P. 

PTSSs with least 3-valued stable model that are also a 2-valued model are particularly interesting, 
since this model is actually the only 3-valued stable model l|7][^. A PTSS P is said to be complete 
if its least 3-valued stable model (CT, PT) satisfies fhaf CT = PT (i.e., fhe model is also 2-valued). We 
associafe a probabilisfic fransifion sysfem fo each complefe PTSS. 

Definition 6. Let P be a complete PTSS and let (Tr, Tr) be its unique 3-valued stable model. V2e say that 
Tr is the transition relation associated to P. 'We also define the PTS associated to P as the unique PTS 
(T(Xi),A,—>) such that t ^ n if and only ift^9e Tr and |[0]| = nfor some 9 e Tiflf). 
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The different examples that we give in the rest of the papers are in terms of a basic probabilistic 
process algebra. We introduce it here, but address the reader to ||8| for an example of a PTSS with richer 
operators. Signature contains the constant 0, representing the stop process, for each action a e A, a 
unary probabilistic prefix operators a.^ with arity ar(a) = d ^ s, and a binary operator +, the alternative 
composition or sum, with arity ar(+) = ss ^ s, while contains the respective lifted signature, 6, and 
all binary operators which we denote by 0p. The semantics is defined with the usual rules: 

a a 

y^p 

a a a 

a.fi^ fi x + y^^ 


4 Bisimulation relations 


This work revolves around four different types of bisimulation relations: (i) the usual (strong) bisim¬ 
ulation relation on probabilistic system, in which each probabilistic transition should be matched 
with a single probabilistic transition so that the distributions of both transitions agree on the probabili¬ 
ties of jumping into equivalent states; (ii) the convex bisimulation |251 relation, in which the matching 
is performed instead with a convex combination of transition relations; (iii) the probability abstracted 
bisimulation, in which the matching is performed by a single transition so that the distributions of both 
transitions agree on jumping to the same equivalent classes of states but not necessarily with the same 
probability value; and (iv) the probabilistic obliterated bisimulation, which represents the usual bisim¬ 
ulation | [22| once the probabilistic transition system is abstracted into a traditional labeled transition 
system in the usual way. 

To our knowledge, the probability abstracted bisimulation originates here. Its intention is to strictly 
preserve the probabilistic structure of a system without caring about the probability values. Thus, prob¬ 
ability abstracted bisimulation is consistent with any bisimulation preserving quantitative properties that 
only tests for positive quantifications, rather than a particular value. Instead, this kind of properties are 
not preserved by the probabilistic obliterated bisimulation as it is shown below in this section. 

In the following we introduce all these relations and discuss their relationship as well as alternative 
definitions. For the rest of the section we assume given a PTS P = (T(Ei),A,—>). 

Given a relation R c T(Ei) x T(E^), a set 2 c T(E^) is R-closed if for all r € 2 and t' e T(Ei), t R t' 
implies f e Q (i.e. R(2) £ 2)- It is easy to verify that if two relations R, R' c T(E^) x T(E^) are such that 
R' £ R, then if 2 £ T(Ei) is R-closed, it is also R'-closed. 


Definition 7. A relation R c TfE^) x 7(1, s) is a bisimulation if it is symmetric and for all t, f € T(Ei), 
a e A, and tt e A( T(Ls)), t Rt' and f > tt imply that there exists n' e A( T(Ei)) 5. t. t' n' and n R n', 
where n Rn' if and only if for all R-closed Q c 7(1,^), n{Q) - n'(Q). The relation called bisimilarity 
or bisimulation equivalence, is defined as the smallest relation that includes all bisimulations. 

A combined transition t ^ is defined whenever there is a family {7r,),g/ c A(T(Ei)) and a family 
{Pi]iei £ [0,1] such that t tt,- for all i € I, YjieiPi = 1 and n = YjieiPi^i- 

Definition 8. A relation R c T(Ls)x 7(1,^) is a convex bisimulation if it is symmetric and for all t,t' € 
T(Ei), a e A, and n e A(T(E^)), t R t' and t ^ n imply that there exists n' € A(T(Ei)) s.t. t' — n' and 
n R n'. The relation ~c, called convex bisimilarity or convex bisimulation equivalence, is defined as the 
smallest relation that includes all convex bisimulations. 


Definition 9. A relation R c TfE^) x T(E^) is a probability abstracted bisimulation if it is symmetric and 
for all t,t' e T(Ls), aeA, and n e A{T(Ls)), t Rf and t ^ n imply that there exists n' ^ A{7(Ls)) ^-t. r'—>7r' 
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and for all R-closed Q c T(Si), 7r{Q) > 0 iff n'{Q) > 0. The relation ~a, called probability abstracted 
bisimilarity or probability abstracted bisimulation equivalence, is defined as the smallest relation that 
includes all probability abstracted bisimulations. 

Notice that the transfer property in this last case follows the same structure as the bisimulation, only 
that it only requires that n{Q) > 0 iff n'{Q) > 0 for all 7?-closed, instead of n{Q) = n'(Q). 

Definition 10. A relation R c TfLs) x 7(1^) is a probability obliterated bisimulation if it is symmetric 
and for all t,f € T(Zs), a €A, and n e A(T(Ei)), t Rt' and t ^ jt imply that for all R-closed Q c T(Z^) 
with n{Q) > 0, there exists n' € A{T{l,s)) s.t. t' —> n' and n\Q) > 0. The relation ~o, called probability 
obliterated bisimilarity or probability obliterated bisimulation equivalence, is defined as the smallest 
relation that includes all probability obliterated bisimulations. 

Compare this last definition with Def. While for probability abstracted bisimulation we require 
that there is a single matching transition f n' so that n' gives some positive probability to all 7?-closed 
sets exactly whenever n does, the definition of probability obliterated bisimulation permits to choose 
different matching transitions for each /^-closed set that measures positively on n. 

It is well known that ~ and ~c are equivalences relations and that they also are, respectively, a 
bisimulation relation and a convex bisimulation relation. The fact that ~o is also an equivalence relation 
and itself a probability obliterated bisimulation follows from Lemmaj^which state that it agrees with Park 
& Milner’s bisimulation. The same properties can be proven for probability abstracted bisimulation: 

Lemma 2. ~a is an equivalence relation and is itself a probability abstracted bisimulation. 

Similarly to the bisimulation l|^ Prop 3.4.4], the probability abstracted bisimulation has a character¬ 
ization in terms of an abstract weight function. This alternative characterization is the one used in the 
proof of Theorem]^ and that is why we present it in this paper. 

Given a relation R c T(2^)xT(XJ, we define =p€ A(T(EJ) x A(T(Z^)) as follows. For all n,n' e 
A(T (Ls)), n =p n' if fhere is an abstract weight function w : (T (S.,) x T (S^)) ^[0,1] s.f. for all t,f eJ (1^), 
(i) w(f,T(Si)) > 0 iff n{t) > 0, (ii) w(T(Ei),T) > 0 iff n'{t') > 0, and (iii) w{t,f) > 0 implies t R t'. 

Lemma 3. For all t,t' e T(Z^), t ~a t' if and only if there is a symmetric relation R c TCLfi x 7(2^) with 
t Rt' such that for all t\,t 2 ^ 7(E^), a€A, and tti € A( 7(E^)), A R t 2 and t\ tti imply that there exists 
jt 2 € A(7(E^)) s.t. t 2 1^2 and n\ n 2 . 

The nexf lemma shows fhaf fhe probabilify obliterated bisimulafion agrees wifh Park & Milner’s 
bisimulafion. Denote t ^ t' iff fhere is n such fhaf t ^ tt and 7T{t') > 0. Nofice fhaf fhis nofafion precisely 
defines fhe usual absfracfion of probabilistic fransifion sysfems info labeled fransifion systems in which 
all information regarding fhe probabilify disfribufion is losf excepf from fhe facf fhaf one sfafe can reach 
anofher sfafe wifh posifive probabilify after a fransifion. 

Lemma 4. For all t, t' € T(I,s), t ~o t' iff there is a symmetric relation R c TfEs) x T(Ls) with t Rt's. t. for 
all ti,t 2 d[ £ 7(E^) and aeA, t\ Rt 2 and ti ^ t'^ imply that there exists t'^ e 7(E^) s.t. t 2 ^ t'^ and fj R t'^. 

Finally we sfafe fhe relafion among fhe differenf bisimulafions 

Lemma 5. The following inclusions hold and are proper: ~ Ci~c^~o and ~ c c ~g. Besides ~c and 
~a are incomparable. 

In fad fhe resulfs can be proved sfronger as we explain in fhe following. Any bisimulafion relafion 
is also a convex bisimulafion, which follow from fhe fad fhaf t n implies t Any convex bisim- 

ulafion is also a probabilify obliferafed bisimulafion since t -^c ^ wifh n{Q) > 0 implies fhaf fhere is a 
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n' such that t ^ n' and n'iQ) > 0. Any bisimulation is also a probability abstracted bisimulation since 
TT R tt' implies niQ) > 0 iff 7t'{Q) > 0 for all R-closed Q. Finally, any probability abstracted bisimulation 
is also a probability obliterated bisimulation since, for a given n and R, the existence of a n' s.t. t' —> n' 
and 7:{Q) > 0 iff 7t'(Q) > 0 for all R-closed Q, guarantees that, for all R-closed Q with n(Q) > 0 there is 
a n' s.t. t' n' and 7t'{Q) > 0. 

Notice that ti = afb.O) + a.(c.O) and t 2 = ti -i- a.(ft.O 0 o .5 c.O) are convex bisimilar but not probabil¬ 
ity abstracted bisimilar. Besides, notice that t 3 = a.(i.O 0 o .5 c.O) and t 4 = a.(ft.O0o.i c.O) are probability 
abstracted bisimilar but not convex bisimilar. These examples not only show that and ~a are incom¬ 
parable, but also that all stated inclusions are proper. 

In the rest of the section we present logical characterizations for the different bisimulation equiva¬ 
lences. This work has already been done for bisimulation | [T0|[T^ and convex bisimulation |16|. We 
adopt here the two-level logic style of 110 |. 

We define the logic £.h as the set of all formulas with the following syntax: 


T \ (a)li/ I (a>ciA I Aiei4>i I <A:= Wp I 

where a € A, p € [0,1] n Q, and I is any index set. The logic Xc contains all formulas of Xi without the 
modality {a)_ . The logic Xa contains all formulas of X* without modalities {a}c- and [_]p for all p > 0 
(i.e. it only accepts [Jo among this type of modalities.) Finally, the logic Xo contains all formulas of Xa 
without rifs/- ■ 

The semantics of Xfe is defined with the satisfaction relation 1= on a PTS P = (T(Zi),A,^) as follows. 


(i) 

t\=T 

for all t € T(E^) 

(V) 

t\= -.0 

ift^4> 

(ii) 

t \= (a)ip 

if there is f tt s.t. n\=ip 

(Vi) 

n-N [0]p 

iijr{{teT{I,,)\t\=4)})>p 

(hi) 

(iv) 

t \= (a)cip 

^ N Aiel^i 

if there is t — n s.t. 7:\=p 
\ft\= (pi for all i € I 

(vii) 


if TT 1= ipi for all i € I 


The semantics of the other logics is defined in the same way but restricted to the respective operators. 

For;^ e {b,c,a,o}, let X^-CO - {(p e Jl)^\t\= cp), for all t € T(Ei), and = {ip € £.^\n\= ip), for all 

n e A(T(Ii)). We write t\ t 2 iff X^^CJ) = and tti iff X^(:^i) = Lxf^i)- Then, we have 

the following characterization theorem. 

Theorem 1. For all[b,c,a,o} andforallt\,t 2 e TfLs\ h ~x ^2 ijft\ t 2 (where ~b = ~)- 

Let ti, t 2 , t 3 , and t 4 be as before. Recall ti tz and t 3 ~a 14 . Notice that (a)([(^)T]o.5 n [{c)T]o. 5 ) 
distinguish ti from t 2 , while (a)c([(fi)T]o .5 n [(c)T]o. 5 ) is satisfied by both ti and t 2 . That is why (a)_ is 
not an operator of Xf. Notice [(fi)T]o.5 distinguishes the distribution |[fi.O0o.5 c. 0 ]| from |[fi.O 0 o.i c. 0 ]|, 
while [(f^)T]o does not (but it does distinguish them from e.g. |[c. 0 ]|). Thus (a)[((^)T]o.5 distinguishes 
t3 from t4. That is why [Jp is not an operator of Xa if p > 0 . Finally, notice that (a)([(f?)T]o n [(c)T]o) 
distinguishes = a.{b.0^o.5 c.O) from te = a.b.O + a.c.Q, and observe that ts ~o te. However, neither 
{a)[{b)T ]o nor (a)[(c)T]o can distinguish them. That is why Uis/ - is not an operator of Xo- 

5 Formats 

In this section we introduce rule and specification formats that guarantee that each bisimulation equiva¬ 
lences discussed in the previous section is a congruence for every operator whose semantics is defined 
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within the respective rule of the specification format. In particular, the format ntjifQjntgxO, which ensures 
that bisimulation equivalence is a congruence for all operator in such format, has been already introduced 
in Q and finally revised in Q. We presenf here ifs more general form. 

The following definilion is imporfanf fo ensure a symmefric freafmenf of variables and ferms wifhin 
fhe formal. Lei {Yi]ieL be a family of sefs of slafe term variables wifh Ihe same cardinalify. The Z-lh 
elemenf of a luple y is denoted by y(Z). For a sel of luples T = {y/ | Z e /} we denole fhe Z-lh projection 
by n/(r) ^ {y-(Z) I ie I). Fix a sel Diag{T/}/gz. £ such Ihati (i) for all Z € L, n/(Diag{T/}/gz.) = T/; 

and (ii) for all y,'p € Diag{T/)/gz„ (3Z € L : y(Z) = y^(Z)) ^ y - p- Properly (ii) ensures lhal differenl 
luples y,y' e Diag{F/)/gi differ in all positions, and by properly (i) every variable of every F/ is used in 
(exaclly) one y € Diag{F/)/gL. Diag slands for “diagonal”, following Ihe inluilion lhal each y represenls a 
coordinate in Ihe space Yiiei Yi, so lhal Diag{F/);g/, can be seen as Ihe line lhal Iraverses Ihe main diagonal 
of Ihe space. Therefore, notice lhal, for F/ = {yPy],yp . ■ ■}, a possible definition for Ihe sel Diag{F/}/g/, is 
{(y‘j’,y°,... ,yp),{y\,yP...,y\),(ypyj,...,y ]),...). In addition, we use Ihe following nolalion: t(^i,..., 
denotes a term lhal only has variables in Ihe sel lhal is 'y(f(^i,...,^„)) c and 

moreover, t( 4 'j,..., ) denotes Ihe same term as t{G > • ■ • > iu which each variable has been replaced 

by^;. 

Definition 11. Let P = (L,A,R) be a PTSS. A rule reRis in ntfifO formal if it has the following form 
UmsMlZmC^-U — 7 ^ | ^ U {0;(F/) | Z € L, Z: £ .S';} 

/(^l,...,^rk(/)) ^ 0 

with e {>, >}for ail I € L and k £ Ki, and Z = Diag{Yi}ieL x with W Q'VU'Vd\ U/el 

addition, it has to satisfy the following conditions: 

1. Each set Yi should be at least countably infinite, for all I e L, and the cardinality of L should be 
strictly smaller than that of the Yfs. 

2. All variables ,..., ^rk( f) are different. 

3. All variables with m€ M and z £ iZ, are different and {^i,... ,^rk(/)} [Pm M) = 0. 

4. For all l€ L, F/ n {^i,..., 4^rk(/)) - ©. and Yi n F// = (bfor all I' € L, I 4 I'. 

5. For all m€ M, the set | z £ n {fV{6) U (IJ/sl'^C^/)) '-Z is finite. 

6. For all l^L, the set Yi n {fV{0) U U/'el'^C^/')) is finite. 

a 

A rule r e R is in ntgxG formal if its form is like above but has a conclusion of the form x —> 0 and, 
in addition, it satisfies the same conditions as above, except that whenever we write {^i,...,^rk(/)). we 
should write {x}. P is in ntpfG formal if all its rules are in ntpfO format. P is in ntpfOjntpxG formal if all 
its rules are in either ntpf 9 format or ntpxO format. 

The rationale behind each of Ihe reslriclions are discussed in Q in deplh (see also Q). In Ihe 
following we briefly summarize il. Variables in Ihe source of Ihe conclusion, all variables 

in Ihe largel of Ihe positive premises, and all variables in Ihe sels F/, Z £ L, as part of Ihe measurable 
sels in Ihe quanlilalive premises, are binding. Thai is why all of Ihem are requested lo be differenl, 
which is slated in conditions and If F; is finite, quanlilalive premises will allow lo counl Ihe 
minimum number of terms lhal galher certain probabilities. This goes againsl Ihe spiril of bisimulalion 
lhal measures equivalence classes of terms regardless of Ihe size of Ihem. Therefore F/ needs lo be infinite 
(condition!^. Condition [^ensures lhal, for each me M Ihere are sufficienlly many dislribulion variables 
in Ihe sel [pj„ | z £ lo be freely inslanlialed. The use of a dislribulion variable in a quanlilalive premise 
may disclose pari of Ihe slruclural nalure of Ihe dislribulion term lhal subslilules such variable. Thus, for 
inslance, if all variables pf„ are used in differenl quanlilalive premises logelher wilh some lookahead, we 
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may restrict the syntactic form of the eventually substituted distribution terms, hence revealing unwanted 
differences. A similar situation arises with the use of variables in Yi for all I € L, hence conditionj^ The 
precise understanding of conditions and [^requires a rather lengthy explanation that is beyond the scope 
of this paper. The reader is referred to l[^[^ for details. 

All congruence theorems in this article apply only to PTSSs whose rules are well-founded. A rule r 
is well-founded if there is no infinite backward chain in the dependency graph Gr = {V,E) of r defined by 
1/ = q/UTrf and £■ = {{^,p) \{t-^p)€ pprem(r), ^ e T/(t)) U [{^,y) \ {0{Y) >p)e qprem(r),^ € ^{d),y € T). 
A PTSS is called well-founded if all its rules are well-founded. 

The full proof of the following theorem can be found in Q. 

Theorem 2. Let P = (L,A,R) be a complete well-founded PTSS in ntpfOjntpxO format. Then, the bisimu¬ 
lation equivalence is a congruence for all operators defined in P. 

The ntpfOfntpxO format is still too general to preserve the other (weaker) bisimulation equivalences 
presented in Sec. In the reminder of the section, we will discuss through appropriate examples how 
the ntpfQIntpxd format should be further restricted or modified so that the other bisimulation equivalences 
are congruences for the resulting restricted formats. 

We focus first on convex bisimulation. For this consider the terms ti = a.(ft.O) -i- a.(c.O) and t 2 = 
ti -i-a.(A.O 0 o .5 c.O). Notice that ti t 2 - Consider a possible extension of our running example with a 
unary operator / with the following ntpfO rule: 

x^p p{Y)> 0.5 {y^pylyeY} p{Y')> 0.5 {y'^ py \y'e Y'} 

a ' 

fix) ^ 0 

Since t 2 —> ( 6 .O 0 O .5 c.O), /(t 2 ) ^ 0. However it is easy to see that /(ti) cannot perform any transition. 

Therefore/(ti)/c/(t 2 )- 

The problem arises precisely because, in order to show that ti ~c t 2 , transition t 2 —> (A.O 0 O .5 c.O) is 

matched with the appropriate convex combination of the transitions ti b.O and ti c.O. Thus, we 
need that a quantitative premise guarantees that the test is produced on a convex combination of target 
distributions rather than on a single target distribution. An appropriate modification of such rule would 
be to replace it by a family of rules of the form 

{xyL(„ I neN) -0-5 {y-^Py\y€Y} ^ 0.5 py \y'eY'} 

fix) ^ 0 

one for each {p«)« 6 N such that = 1 and each pi € [ 0 , 1 ] n Q. 

Consider now that the semantic of / is defined by the rule 

a 

( 2 ) 

fix) -> a.p 

and notice that /(t 2 ) ^ a.(ft.O 0 o .5 c.O). However, the only two possible transitions for /(ti) are /(ti) —> 
a.bM and /(ti) a.c.O, and there is no p e [0,1] such that a.A.O 0 pa.c.O ~c a.(A.O 0 o .5 c.O). For this 
reason, we will require that a target of a positive premise does not appear in a r/-sorted position of a 
subterm in the target of the conclusion. 

For the next example, we consider an additional unary <i-sorted operator g and the following rules 


■ b gib) b' 


piY)>0 {y^p\yeY] piY')>0 [y'^ p'\y'&Y'] 


gib)^^ 


fix) ^ 0 


( 3 ) 
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b G 

Notice that g(ft.O 0 o .5 c.O) ^ 0. Therefore /(t 2 ) —> 0. However, neither g(A.O) nor g(c.O) can perform any 
transition, and as a consequence /(ti) cannot perform any transition either. Hence, /(ti) /(ti)- For 

this reason we will require that a target of a positive premise does not appear in the source of a positive 
or negative premise. 

Suppose now that g is a binary ^-sorted operator and consider the following rules 

a be 

XI X2^g2 ... 

Cl Q ^ 

f(x)^g(M,g) g(jci,X2)^0 

Notice that the only possible transitions for /(ti) are /(ti) g{b.Q,b.O) and /(ti) g(c.0,c.0). More¬ 

over, notice that g{b.Q,b.Q) ~c g(c.O, c.O) ~c 0. However, /fe) g(A.O 0 o .5 c.O,^.O 0 o .5 c.O), and it is not 
difficult to see that g(A.O 0 o .5 c.O, A.O 0 O .5 c.O) ~c (a.O 00.25 0). Therefore, f{t\) /c /(t 2 )- In this case, the 
problem seems to arise because the same distribution variable occurs in the target of the conclusion of the 
first rule in two different i'-sorts positions of the target distribution term. However, the problem is not so 
general. Notice that if the target in the conclusion is replaced by the term g(jj., c.O) 0p g{b.0,ij) we would 
have /(ti) ~c /(t 2 ). The difference arises from the fact that in the interpretation of g{0,6) the probability 
distribution |[0]| multiplies with itself. This is not the case in the interpretation of g{6,cS))®p g{b.0,G) 
where the two instances of |[0| are summed up. Thus, we will actually request that the target of the 
conclusion is linear with respect to each distribution variable on a target of a positive premise. 

Definition 12. A distribution term TfS^) is linear for a set V c if(i) 0 e T(Zd)U'y;U{d(x) | x e 'Vj. 
( ii) ^ and 9i is iinearfor V, for aii i € I, (in) 6 = f{0\ On), for aii i e I, 6i is iinearfor V, 

and 'V{9i)C\'V{9j) C\V - %,for aiii,] €{\,...,n} and i + j, 

Definition 13. Let P = {'L,A,R) be a PTSS. A ruie reRis in convex ntgfO format if has the form 


[JmeM^^miz) -> | Z £ “A | Z € JZ) 

[JrneMiifniZfn) ^ pf I / £ N) 0 ]/rf )(T/) pi^k \l€Lfn,k€ K,} 

/(^l,...,^rk(/)) ^ 9 


with L = Lfh n Lfh’ = 0 whenever m + m', e {>, >|/or aii ie L and ke Ki, iZ = Diag[Yi}i^L x 

W Q'VU 'Td\ [Ji^L ¥[. In addition, it shouid aiso satisfy conditions^to^in Def 11 and 


the foiiowing extra conditions: 

7. For every the M, thefamiiy {p'”}ien £ [0,1] n Q and Pf - 1 

8. For every me M, there is exactiy one y e N such that /i™ = Pm far some me M and IZ, in which 

case aiso tmiZm) —^ faj = tm{z) —^ Moreover {pf | / £ N} n [pf | / £ N) = dlfor aii m + in', and 


[p'" I / £ N) n {^'i,...,Zk(/)) = 0- 

9. No variabie pf^, with me M and z e Z^, appears in the source of a premise (i.e. in the set W) or in 
a d-sorted position of a subterm in the target of the conciusion 9. 

10. 9 is iinearfor [p^^\ me M,z€ X}. 


a 

A ruie reRis in convex ntpxO format if its form is iike above but has a conciusion of the form x^9 and 
it satisfies the same conditions, except that whenever we write {^i,... ,^rk(/)}. wc shouid write {x}. A set 
of convex ntpfO/ntpxO ruies R is convex closed if for aii r e R, for any term appearing in a 

quantitative premise ofr and anyfamiiy {<7,|;gN £ [0.1] H Q such that = 1, then the ruie r' obtained 

by repiacing each occurrence of ^i^^[p'p]pf in r by is Mso in R. A PTSS P = {1,,A,R) is 

in convex ntpfOjntpxO format if aii ruies in R are in convex ntpfOIntpxO format and R is convex dosed. 
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The problem indicated in rule (j^ is attacked with the requirement of having sets {tm(zm) —^ pf I i £ 
N) as positive premises with which the convex closures ®]/^f can be constructed, plus the request 
that the set of rules is convex closed. Notice that condition states that these sets of positive premises 
are only used to construct such distribution terms and are only linked to the “actual” positive premises in 

UmeMUrni^ | z € Z) through a single transition tfn{Zm) p'J. 

Rules like Q and the left rule on Q are excluded on condition since no variable of a positive 
premise can be used in the source of a premise (excluding Q) or in a rZ-sort position in the target of the 
conclusion (excluding Q). Finally, rules like on the left of Q are excluded by requesting that the target 
of the conclusion is linear (condition [T^. 

Now, we can state the congruence theorem for convex bisimulation equivalence. 

Theorem 3. Let P be a complete well-founded PTSS in convex ntpfOjntpxG format. Then, convex bisimu¬ 
lation equivalence is a congruence for all operators defined by P. 

We focus now on the probability abstracted bisimulation. Notice that the terms ta = a.{b.09o.5 
and t 4 = a.(A.O 0 o.i c.O) are probability abstracted bisimilar, i.e., ta ~a 14 . Consider now the unary operator 
/ whose semantics is defined with rule ([^. It should not be difficult so see that /(ta) 0 while /(t 4 ) 

cannot perform any transition. Therefore /(ta) fa fiU)- The problem is a consequence of the fact that 
the quantitative premises are tested against non-zero values which may distinguish distributions with the 
same support set but mapping into different probability values. Thus, in order to preserve probability 
abstracted bisimulation equivalence, the only extra restriction that we ask to a rule in nt^GjntpxO format 
is that none of its quantitative premises test against a value different from 0 . 

Definition 14. A PTSS P - {1,,A,R) is in probability abstracted ntpfQjntpxG format if it is in ntpfGjntpxG 
format and for every rule r eR and quantitative premise G{Y) > p € qprem(r), p -0. 

The proof of the congruence theorem for probability abstracted bisimulation equivalence (Theorem]^ 
below) follows closely the lines of the proof of Theorem as given in Q. 

Theorem 4. Let P be a complete well-founded PTSS in probability abstracted ntpfGjntpxG format. Then, 
the probability abstracted bisimulation equivalence is a congruence for all operators defined in P. 

Given the alternative definition of the probability obliterated bisimulation provided by Lemma|^ we 
will now consider simpler definitions for the quantitative premises for the rule format associated to this 
relation. Thus, we consider quantitative premises of the form 0({y)) > p rather than G{Y) > p. 

Taking ti, and t 4 as before, we have that 13 ~o 14 . The same example of the unary operator /, whose 
semantics is defined with a conveniently modify rule ([T]), shows that f{t^) fa /(t 4 ) and hence the need 
that the quantitative premises can only be tested against 0 . 

Let ts = a.(i.O 0 o .5 c.O) and te = a.bS) + a.c.Q, and observe that ~o te. Take rule Q as the semantic 
definition for /. Notice that fitf) a.(i.O 00.5 c.O) is the only transition for f{tf), while the only 
possible transitions for/(t 6 ) are/(t 6 ) a.i.O and/(tg) a.c.O. Since a.b.O fo a.(ft.O0o.5 c.O) /oCr.c.O, 
/(ts) fo /(te)- Like for the convex bisimulation case, this shows that the target of a positive premise 
cannot appear in a rZ-sorted position of a subterm in the target of the conclusion. 

Suppose now that the semantics of / is defined with the rule 

xf^P ju({yi})>0 p({y 2])>0 yi^pi yi-^pi 

fix) ^ 0 

Notice that /(tg) fg /(tg) since /(tj) 0 while /(tg) cannot perform any transition. This is due to the 

fact that, by allowing the same distribution variable p to occur in different quantitative premises, we gain 
some knowledge of the structure of (the instance of) p, in particular of its support set. 
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Consider now that / is defined with the left rule in Q and g with an appropriate modification of the 
right rule in Notice that /(ts) 0 but /(te) cannot perform any transition. Thus /(tj) /o /(te). In 

this case, we are also gaining knowledge of the support set of ju, but this time through the rule associated 
to the operator g. Therefore we require that a target of a positive premise does not appear in the source 
of a positive or negative premise. 

Consider now the rules 


x-^fi p({y))>0 y^n' x-^n 

-^^ ( 6 ) 

fix) gig) gix) 0 

Notice that the only transition for fitf) is /(tj) g(ft.O 0 o .5 c.O) and the only transition for /(tg) is 
/(te) g{b-^)- Then /(tj) g(c.O) ^ 0 while /(tg) gib.^) is the only possible “obliterated” transi¬ 

tion for /(tg). Then /(tj) /o /(te)- This is an alternative way of gaining information on the support set of 
a possible instance of g in Q: on the one hand, by the quantitative premise on the first rule, we deduce 
that such instance has an element in the support set that performs a fj-transition and, on the other hand, 
by having g as an argument in the target of the conclusion, we may gather extra information from the 
same instance of g through the rules for the semantics of the target of the conclusion (in this case, that g 
has another element in the support set that performs a c-transition.) Therefore, we forbid that the target 
of a positive premise is both tested in a quantitative premise and used in the target of the conclusion. 

Notice that the example in rules Q also apply for probability obliterated bisimulation since ti ~o 
tj but /(ti) fo fiti) with exactly the same explanation. Thus, we also request that the target of the 
conclusion is linear for all distribution variables on targets of positive premises. 

Finally, consider a modification Q where the left rule is instead 

x-^g gig,g)i{y}) >0 y-^g' 
fix) A 0 

a 

It should not be difficult to observe that /(tg) ^ 0 but /(tg) cannot perform any transition. Thus /(tg) 
/(tg). For this reason we also require that the quantitative premises only allow linear distribution terms. 

Definition 15. Let P = (S,A,/?) be a well-founded PTSS. A rule reR is in probability obliterated ntgfO 
format if it has the form 


Gm b„ 

fifl,...,frk(f)) 9 

where all variables fxv.{f), Pm, with m e M, and yi, with I € L, are different and the following 

restrictions are satisfied: 

1. For all m€ M, 'T'(tm) Fi [gm' I nt' € M} = 0. Similarly, for all n€ N, A^itn) H [gm' I m' £ M) = 0. 

2. For all leL, Gi is linear for {g,„, \ m' e M] and, moreover, for all 1,1' eL with I + I', 'ViOi) n 'Vidr) n 
{g,n I m e M) = 0. 

3. 9 is linear for [gm' \ m' € M], 'ViO) D ( {Jiei'^ibi)) H [gm \ m e M) = 0, and no variable gm appear 
in a d-sorted position of a subterm of the target of the conclusion 9. 

A rule is in probability obliterated ntgx9 format if its form is like above but has a conclusion of the form 

a 

X ^ 9. P is in probability obliterated ntgfGjntgxG format if all its rules are in probability obliterated 
ntgf9lntgx9 format. 
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Condition [T] limits the form to exclude rules like the one on the left of Q. Condition|^requires that 
the distribution terms on the quantitative premises are linear (excluding ([^), and that they do not share 
distributions variables on the target of positive premises (excluding Q). Finally, condition [^request that 
the target of the conclusion is linear (excluding Q) and does not have targets of positive premises on 
r/-sorted positions (excluding Q) nor if they are used in quantitative premises (excluding Q). 

Finally, we state the congruence theorem for probability obliterated bisimulation equivalence. 

Theorem 5. Let P be a complete well-founded PTSS in probability obliterated ntpfOjntpxO format. Then, 
probability obliterated bisimulation equivalence is a congruence for all operators defined by P. 


6 Conclusion and Future Work 


In this article, we presented three new rule formats that preserve three different bisimulation equivalences 
coarser than Larsen & Skou’s bisimulation. These formats are more restricted variants of the ntpfOfntpxO 
format and notably, all of them can be seen as generalizations of the non-probabilistic ntyft/ntyxt for¬ 
mat IZlEI- For completeness we mention two other similar results on PTSSs that fall out of Larsen & 
Skou’s bisimulation. They are [ [20| , that presents a format for rooted branching bisimulation, and phj , 
that presents a format for non-expansiveness of e-bisimulations. 

Prior to the congruence theorems, we presented the different bisimulation equivalences, compare 
them, and, in particular, we gave a logic characterization for each of them. The intention of presenting 
these logic characterizations is to use them as the basis for the proof of full abstraction theorems (see, 
^T^.) Full abstraction theorems are somewhat dual to the congruence theorems. An equiva- 


e-g 

lence relation is fully abstract with respect to a particular format and an equivalence relation = if it is the 
largest relation included in = that is a congruence for all operators definable by any PTSS in fhaf format. 
In particular we are interested when = is the coarsest reasonable behavioral equivalence, namely, (pos- 
sibilistic) trace equivalence. We are busy now on trying to prove this results for the formats presented 
here using the logic characterization as a means to construct the so called testers. As the current point 
of our investigation, we do not foresee major problems for all relations except for convex bisimulation 
equivalences, for which we may need to relax some of the conditions of the convex ntjjfOIntpxB format. 
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